summaryrefslogtreecommitdiff
path: root/doc/man3/SSL_attach_stream.pod
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man3/SSL_attach_stream.pod')
-rw-r--r--doc/man3/SSL_attach_stream.pod160
1 files changed, 160 insertions, 0 deletions
diff --git a/doc/man3/SSL_attach_stream.pod b/doc/man3/SSL_attach_stream.pod
new file mode 100644
index 0000000000..45e40c82e5
--- /dev/null
+++ b/doc/man3/SSL_attach_stream.pod
@@ -0,0 +1,160 @@
+=pod
+
+=head1 NAME
+
+SSL_attach_stream, SSL_detach_stream, SSL_set_default_stream_mode,
+SSL_DEFAULT_STREAM_MODE_NONE, SSL_DEFAULT_STREAM_MODE_AUTO_BIDI,
+SSL_DEFAULT_STREAM_MODE_AUTO_UNI - manage the default stream for a QUIC
+connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_attach_stream(SSL *conn, SSL *stream);
+ SSL *SSL_detach_stream(SSL *conn);
+
+ #define SSL_DEFAULT_STREAM_MODE_NONE
+ #define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI
+ #define SSL_DEFAULT_STREAM_MODE_AUTO_UNI
+
+ int SSL_set_default_stream_mode(SSL *conn, uint32_t mode);
+
+=head1 DESCRIPTION
+
+A QUIC connection SSL object may have a default stream attached to it. A default
+stream is a QUIC stream to which calls to L<SSL_read(3)> and L<SSL_write(3)>
+made on a QUIC connection SSL object are redirected. Default stream handling
+allows legacy applications to use QUIC similarly to a traditional TLS
+connection.
+
+When not disabled, a default stream is automatically created on an outgoing
+connection once L<SSL_read(3)> or L<SSL_write(3)> is called.
+
+A QUIC stream must be explicitly designated as client-initiated or
+server-initiated up front. This broadly corresponds to whether an application
+protocol involves the client transmitting first, or the server transmitting
+first. As such, if L<SSL_read(3)> is called first (before any call to
+L<SSL_write(3)>) after establishing a connection, OpenSSL will wait for the
+server to open the first server-initiated stream, and then bind this as the
+default stream. Conversely, if L<SSL_write(3)> is called before any call to
+L<SSL_read(3)>, OpenSSL assumes the client wishes to transmit first, creates a
+client-initiated stream, and binds this as the default stream.
+
+By default, the default stream created is bidirectional. If a unidirectional
+stream is desired, or if the application wishes to disable default stream
+functionality, SSL_set_default_stream_mode() (discussed below) can be used to
+accomplish this.
+
+If a default stream is currently bound to a QUIC connection SSL object, it can
+be detached from that QUIC connection SSL object and used explicitly by calling
+SSL_detach_stream(), which detaches the default stream and returns it as an
+explicit QUIC stream SSL object.
+
+Once detached, the caller is responsible for managing the lifetime of the QUIC
+stream SSL object and must free it by calling L<SSL_free(3)>. The lifetime of a
+QUIC connection SSL object must exceed that of any subsidiary QUIC stream SSL
+objects; in other words, QUIC stream SSL objects must be freed before the parent
+QUIC connection SSL object is freed.
+
+When a QUIC connection SSL object has no default stream currently associated
+with it, for example because the default stream was detached or because default
+stream functionality was disabled, calls to functions which require a stream on
+the QUIC connection SSL object will fail.
+
+The act of detaching a stream from a QUIC connection SSL object can be reversed
+by calling SSL_attach_stream(). This can also be used to designate a stream
+obtained via L<SSL_new_stream(3)> or L<SSL_accept_stream(3)> as the default
+stream. SSL_attach_stream() cannot be used if there is already a default stream
+associated with the QUIC connection SSL object; therefore, you may need to call
+SSL_detach_stream() first.
+
+It is recommended that new applications and applications which rely on multiple
+streams forego use of the default stream functionality, which is intended for
+legacy applications.
+
+SSL_set_default_stream_mode() can be used to configure or disable default stream
+handling. It can only be called on a QUIC connection SSL object prior to any
+default stream being created. If used, it is recommended to call it immediately
+after calling L<SSL_new(3)>, prior to initiating a connection. The argument
+B<mode> may be one of the following options:
+
+=over 4
+
+=item SSL_DEFAULT_STREAM_MODE_AUTO_BIDI
+
+This is the default setting. If L<SSL_write(3)> is called prior to any call to
+L<SSL_read(3)>, a bidirectional client-initiated stream is created and bound as
+the default stream. If L<SSL_read(3)> is called prior to any call to
+L<SSL_write(3)>, OpenSSL waits for an incoming stream from the peer (causing
+L<SSL_read(3)> to block if the connection is in blocking mode), and then binds
+that stream as the default stream. Note that this incoming stream may be either
+bidirectional or unidirectional; thus, this setting does not guarantee presence
+of a bidirectional stream when L<SSL_read(3)> is called first. To determine the
+type of a stream after a call to L<SSL_read(3)>, use L<SSL_get_stream_type(3)>.
+
+=item SSL_DEFAULT_STREAM_MODE_AUTO_UNI
+
+In this mode, if L<SSL_write(3)> is called prior to any call to L<SSL_read(3)>,
+a unidirectional client-initiated stream is created and bound as the default
+stream. The behaviour is otherwise identical to that of
+B<SSL_DEFAULT_STREAM_MODE_AUTO_BIDI>. The behaviour when L<SSL_read(3)> is
+called prior to any call to L<SSL_write(3)> is unchanged.
+
+=item SSL_DEFAULT_STREAM_MODE_NONE
+
+Default stream creation is inhibited. This is the recommended mode of operation.
+L<SSL_read(3)> and L<SSL_write(3)> calls cannot be made on the QUIC connection
+SSL object directly. You must obtain streams using L<SSL_new_stream(3)> or
+L<SSL_accept_stream(3)> in order to communicate with the peer.
+
+It is still possible to explicitly attach a stream as the default stream using
+SSL_attach_stream().
+
+=back
+
+A default stream will not be automatically created on a QUIC connection SSL
+object if the default stream mode is set to B<SSL_DEFAULT_STREAM_MODE_NONE>, or
+if the QUIC connection SSL object previously had a default stream which was
+detached using SSL_detach_stream().
+
+L<SSL_set_incoming_stream_reject_policy(3)> interacts significantly with the
+default stream functionality.
+
+=head1 RETURN VALUES
+
+SSL_detach_stream() returns a QUIC stream SSL object, or NULL if there is no
+default stream currently attached.
+
+SSL_attach_stream() returns 1 on success and 0 on failure.
+
+SSL_attach_stream() fails if a default stream is already attached to the QUIC
+connection SSL object.
+
+SSL_set_default_stream_mode() returns 1 on success and 0 on failure.
+
+SSL_set_default_stream_mode() fails if it is called after a default stream has
+already been established.
+
+These functions fail if called on a QUIC stream SSL object or on a non-QUIC SSL
+object.
+
+=head1 SEE ALSO
+
+L<SSL_new_stream(3)>, L<SSL_accept_stream(3)>, L<SSL_free(3)>,
+L<SSL_set_incoming_stream_reject_policy(3)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 3.2.
+
+=head1 COPYRIGHT
+
+Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
View Lorry Controller Status